CVE-2022-49886: 
Linux Kernel vulnerability analysis and mitigation

A vulnerability was discovered in the Linux kernel related to TDX (Trust Domain Extensions) memory access handling. The issue was disclosed on May 1, 2025, and affects the handling of virtualization exceptions (#VE) on 'private' memory access, where all normal kernel memory is considered 'TDX private memory', including kernel stacks and kernel text (NVD).

The vulnerability stems from TDX hardware's capability to deliver virtualization exceptions (#VE) on any access to private memory. While this could theoretically occur, the system can be configured to prevent these exceptions using the ATTR_SEPT_VE_DISABLE TD attribute. The guest system cannot set this attribute but can verify its status. The vulnerability has been assigned a CVSS v3.1 Base Score of 5.5 (Medium) with the vector string CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H (Red Hat).

If exploited, this vulnerability could lead to system instability as handling exceptions on arbitrary accesses to kernel memory is essentially impossible due to their potential occurrence in critical areas like kernel entry/exit points. The system is designed to panic in such scenarios as there is no safe way for Linux to operate with this attribute cleared (Wiz).

The mitigation involves ensuring the ATTR_SEPT_VE_DISABLE attribute is set during early boot, with the system configured to panic if this attribute is found to be unset. This is considered appropriate as there is no viable way for Linux to operate safely with this attribute cleared (NVD).